| option( |
| 'yocto-deps', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Use YOCTO dependencies system' |
| ) |
| |
| option( |
| 'kvm', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the KVM host video WebSocket. Path is /kvm/0. |
| Video is from the BMCs /dev/videodevice.''' |
| ) |
| |
| option( |
| 'tests', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable Unit tests for bmcweb' |
| ) |
| |
| option( |
| 'vm-websocket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to |
| open the websocket. See |
| https://github.com/openbmc/jsnbd/blob/master/README.''' |
| ) |
| |
| # if you use this option and are seeing this comment, please comment here: |
| # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions |
| # for this code. At this point, no daemon has been upstreamed that implements |
| # this interface, so for the moment this appears to be dead code; In leiu of |
| # removing it, it has been disabled to try to give those that use it the |
| # opportunity to upstream their backend implementation |
| #option( |
| # 'vm-nbdproxy', |
| # type: 'feature', |
| # value: 'disabled', |
| # description: 'Enable the Virtual Media WebSocket.' |
| #) |
| |
| option( |
| 'rest', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map |
| Phosphor D-Bus object paths, for example, |
| /xyz/openbmc_project/logging/entry/enumerate. See |
| https://github.com/openbmc/docs/blob/master/rest-api.md.''' |
| ) |
| |
| option( |
| 'redfish', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See |
| https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''' |
| ) |
| |
| option( |
| 'host-serial-socket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host serial console WebSocket. Path is /console0. |
| See https://github.com/openbmc/docs/blob/master/console.md.''' |
| ) |
| |
| option( |
| 'static-hosting', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable serving files from the /usr/share/www directory |
| as paths under /.''' |
| ) |
| |
| option( |
| 'redfish-bmc-journal', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable BMC journal access through Redfish. Paths are under |
| /redfish/v1/Managers/bmc/LogServices/Journal.''' |
| ) |
| |
| option( |
| 'redfish-cpu-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable CPU log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Crashdump'.''' |
| ) |
| |
| option( |
| 'redfish-dump-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Dump log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Dump |
| and /redfish/v1/Managers/bmc/LogServices/Dump''' |
| ) |
| |
| option( |
| 'redfish-dbus-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable DBUS log service transactions through Redfish. Paths |
| are under |
| /redfish/v1/Systems/system/LogServices/EventLog/Entries''' |
| ) |
| |
| option( |
| 'redfish-host-logger', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host log service transactions based on |
| phosphor-hostlogger through Redfish. Paths are under |
| /redfish/v1/Systems/system/LogServices/HostLogger''' |
| ) |
| |
| option( |
| 'redfish-provisioning-feature', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable provisioning feature support in redfish. Paths are |
| under /redfish/v1/Systems/system/''' |
| ) |
| |
| option( |
| 'bmcweb-logging', |
| type: 'combo', |
| choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ], |
| value: 'error', |
| description: '''Enable output the extended logging level. |
| - disabled: disable bmcweb log traces. |
| - enabled: treated as 'debug' |
| - For the other logging level option, see DEVELOPING.md.''' |
| ) |
| |
| option( |
| 'basic-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable basic authentication' |
| ) |
| |
| option( |
| 'session-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable session authentication' |
| ) |
| |
| option( |
| 'xtoken-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable xtoken authentication' |
| ) |
| |
| option( |
| 'cookie-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable cookie authentication' |
| ) |
| |
| option( |
| 'mutual-tls-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enables authenticating users through TLS client |
| certificates. The insecure-disable-ssl must be disabled for |
| this option to take effect.''' |
| ) |
| |
| option( |
| 'mutual-tls-common-name-parsing', |
| type: 'combo', |
| choices: ['username', 'meta'], |
| value: 'username', |
| description: '''Sets logic to map the Subject Common Name field to a user |
| in client TLS certificates. |
| - username: Use the Subject CN field as a BMC username |
| (default) |
| - meta: Parses the Subject CN in the format used by |
| Meta Inc (see mutual_tls_meta.cpp for details) |
| ''' |
| ) |
| |
| option( |
| 'ibm-management-console', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the IBM management console specific functionality. |
| Paths are under /ibm/v1/''' |
| ) |
| |
| option( |
| 'google-api', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the Google specific functionality. Paths are under |
| /google/v1/''' |
| ) |
| |
| option( |
| 'http-body-limit', |
| type: 'integer', |
| min: 0, |
| max: 512, |
| value: 30, |
| description: 'Specifies the http request body length limit' |
| ) |
| |
| option( |
| 'redfish-new-powersubsystem-thermalsubsystem', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, |
| and all children schemas. This includes displaying all |
| sensors in the SensorCollection.''' |
| ) |
| |
| option( |
| 'redfish-allow-deprecated-power-thermal', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable/disable the old Power / Thermal. The default |
| condition is allowing the old Power / Thermal. This |
| will be disabled by default June 2024. ''' |
| ) |
| |
| option( |
| 'redfish-oem-manager-fan-data', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enables Redfish OEM fan data on the manager resource. |
| This includes PID and Stepwise controller data. See |
| OemManager schema for more detail.''' |
| ) |
| |
| option( |
| 'https_port', |
| type: 'integer', |
| min: 1, |
| max: 65535, |
| value: 443, |
| description: 'HTTPS Port number.' |
| ) |
| |
| option( |
| 'dns-resolver', |
| type: 'combo', |
| choices: ['systemd-dbus', 'asio'], |
| value: 'systemd-dbus', |
| description: '''Sets which DNS resolver backend should be used. |
| systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus |
| support. asio relies on boost::asio::tcp::resolver, but cannot resolve |
| names when boost threading is disabled.''' |
| ) |
| |
| option( |
| 'redfish-aggregation', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Allows this BMC to aggregate resources from satellite BMCs' |
| ) |
| |
| option( |
| 'experimental-redfish-multi-computer-system', |
| type: 'feature', |
| value: 'disabled', |
| description: '''This is a temporary option flag for staging the |
| ComputerSystemCollection transition to multi-host. It, as well as the code |
| still beneath it will be removed on 9/1/2024. Do not enable in a |
| production environment, or where API stability is required.''' |
| ) |
| |
| option( |
| 'experimental-http2', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely |
| on this option for any production systems. It may have |
| behavior changes or be removed at any time.''' |
| ) |
| |
| # Insecure options. Every option that starts with a `insecure` flag should |
| # not be enabled by default for any platform, unless the author fully comprehends |
| # the implications of doing so.In general, enabling these options will cause security |
| # problems of varying degrees |
| |
| option( |
| 'insecure-disable-csrf', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable CSRF prevention checks.Should be set to false for |
| production systems.''' |
| ) |
| |
| option( |
| 'insecure-disable-ssl', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable SSL ports. Should be set to false for production |
| systems.''' |
| ) |
| |
| option( |
| 'insecure-disable-auth', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable authentication and authoriztion on all ports. |
| Should be set to false for production systems.''' |
| ) |
| |
| option( |
| 'insecure-tftp-update', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable TFTP based firmware update transactions through |
| Redfish UpdateService. SimpleUpdate.''' |
| ) |
| |
| option( |
| 'insecure-ignore-content-type', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Allows parsing PUT/POST/PATCH content as JSON regardless |
| of the presence of the content-type header. Enabling this |
| conflicts with the input parsing guidelines, but may be |
| required to support old clients that may not set the |
| Content-Type header on payloads.''' |
| ) |
| |
| option( |
| 'insecure-push-style-notification', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Enable HTTP push style eventing feature' |
| ) |
| |
| option( |
| 'insecure-enable-redfish-query', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enables Redfish expand query parameter. This feature is |
| experimental, and has not been tested against the full |
| limits of user-facing behavior. It is not recommended to |
| enable on production systems at this time. Other query |
| parameters such as only are not controlled by this option.''' |
| ) |